dependabot-bundler 0.95.5 → 0.95.6

data/lib/dependabot/bundler/file_parser/file_preparer.rb

@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/dependency_file"
-require "dependabot/bundler/file_parser"
-require "dependabot/bundler/file_updater/gemspec_sanitizer"
-
-module Dependabot
-  module Bundler
-    class FileParser
-      class FilePreparer
-        def initialize(dependency_files:)
-          @dependency_files = dependency_files
-        end
-
-        def prepared_dependency_files
-          files = []
-
-          gemspecs.compact.each do |file|
-            files << DependencyFile.new(
-              name: file.name,
-              content: sanitize_gemspec_content(file.content),
-              directory: file.directory,
-              support_file: file.support_file?
-            )
-          end
-
-          files += [
-            gemfile,
-            *evaled_gemfiles,
-            lockfile,
-            ruby_version_file,
-            *imported_ruby_files
-          ].compact
-        end
-
-        private
-
-        attr_reader :dependency_files
-
-        def gemfile
-          dependency_files.find { |f| f.name == "Gemfile" } ||
-            dependency_files.find { |f| f.name == "gems.rb" }
-        end
-
-        def evaled_gemfiles
-          dependency_files.
-            reject { |f| f.name.end_with?(".gemspec") }.
-            reject { |f| f.name.end_with?(".lock") }.
-            reject { |f| f.name.end_with?(".ruby-version") }.
-            reject { |f| f.name == "Gemfile" }.
-            reject { |f| f.name == "gems.rb" }.
-            reject { |f| f.name == "gems.locked" }
-        end
-
-        def lockfile
-          dependency_files.find { |f| f.name == "Gemfile.lock" } ||
-            dependency_files.find { |f| f.name == "gems.locked" }
-        end
-
-        def gemspecs
-          dependency_files.select { |f| f.name.end_with?(".gemspec") }
-        end
-
-        def ruby_version_file
-          dependency_files.find { |f| f.name == ".ruby-version" }
-        end
-
-        def imported_ruby_files
-          dependency_files.
-            select { |f| f.name.end_with?(".rb") }.
-            reject { |f| f.name == "gems.rb" }
-        end
-
-        def sanitize_gemspec_content(gemspec_content)
-          # No need to set the version correctly - this is just an update
-          # check so we're not going to persist any changes to the lockfile.
-          FileUpdater::GemspecSanitizer.
-            new(replacement_version: "0.0.1").
-            rewrite(gemspec_content)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/bundler/file_parser/gemfile_checker.rb

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-require "parser/current"
-require "dependabot/bundler/file_parser"
-
-module Dependabot
-  module Bundler
-    class FileParser
-      # Checks whether a dependency is declared in a Gemfile
-      class GemfileChecker
-        def initialize(dependency:, gemfile:)
-          @dependency = dependency
-          @gemfile = gemfile
-        end
-
-        def includes_dependency?
-          return false unless Parser::CurrentRuby.parse(gemfile.content)
-
-          Parser::CurrentRuby.parse(gemfile.content).children.any? do |node|
-            deep_check_for_gem(node)
-          end
-        end
-
-        private
-
-        attr_reader :dependency, :gemfile
-
-        def deep_check_for_gem(node)
-          return true if declares_targeted_gem?(node)
-          return false unless node.is_a?(Parser::AST::Node)
-
-          node.children.any? do |child_node|
-            deep_check_for_gem(child_node)
-          end
-        end
-
-        def declares_targeted_gem?(node)
-          return false unless node.is_a?(Parser::AST::Node)
-          return false unless node.children[1] == :gem
-
-          node.children[2].children.first == dependency.name
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/bundler/file_updater.rb

@@ -1,125 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters"
-require "dependabot/file_updaters/base"
-
-module Dependabot
-  module Bundler
-    class FileUpdater < Dependabot::FileUpdaters::Base
-      require_relative "file_updater/gemfile_updater"
-      require_relative "file_updater/gemspec_updater"
-      require_relative "file_updater/lockfile_updater"
-
-      def self.updated_files_regex
-        [
-          /^Gemfile$/,
-          /^Gemfile\.lock$/,
-          /^gems\.rb$/,
-          /^gems\.locked$/,
-          /^*\.gemspec$/
-        ]
-      end
-
-      def updated_dependency_files
-        updated_files = []
-
-        if gemfile && file_changed?(gemfile)
-          updated_files <<
-            updated_file(
-              file: gemfile,
-              content: updated_gemfile_content(gemfile)
-            )
-        end
-
-        if lockfile && dependencies.any?(&:appears_in_lockfile?)
-          updated_files <<
-            updated_file(file: lockfile, content: updated_lockfile_content)
-        end
-
-        top_level_gemspecs.each do |file|
-          next unless file_changed?(file)
-
-          updated_files <<
-            updated_file(file: file, content: updated_gemspec_content(file))
-        end
-
-        evaled_gemfiles.each do |file|
-          next unless file_changed?(file)
-
-          updated_files <<
-            updated_file(file: file, content: updated_gemfile_content(file))
-        end
-
-        updated_files
-      end
-
-      private
-
-      def check_required_files
-        file_names = dependency_files.map(&:name)
-
-        if lockfile && !gemfile
-          raise "A Gemfile must be provided if a lockfile is!"
-        end
-
-        return if file_names.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
-        return if gemfile
-
-        raise "A gemspec or Gemfile must be provided!"
-      end
-
-      def gemfile
-        @gemfile ||= get_original_file("Gemfile") ||
-                     get_original_file("gems.rb")
-      end
-
-      def lockfile
-        @lockfile ||= get_original_file("Gemfile.lock") ||
-                      get_original_file("gems.locked")
-      end
-
-      def evaled_gemfiles
-        @evaled_gemfiles ||=
-          dependency_files.
-          reject { |f| f.name.end_with?(".gemspec") }.
-          reject { |f| f.name.end_with?(".lock") }.
-          reject { |f| f.name.end_with?(".ruby-version") }.
-          reject { |f| f.name == "Gemfile" }.
-          reject { |f| f.name == "gems.rb" }.
-          reject { |f| f.name == "gems.locked" }
-      end
-
-      def updated_gemfile_content(file)
-        GemfileUpdater.new(
-          dependencies: dependencies,
-          gemfile: file
-        ).updated_gemfile_content
-      end
-
-      def updated_gemspec_content(gemspec)
-        GemspecUpdater.new(
-          dependencies: dependencies,
-          gemspec: gemspec
-        ).updated_gemspec_content
-      end
-
-      def updated_lockfile_content
-        @updated_lockfile_content ||=
-          LockfileUpdater.new(
-            dependencies: dependencies,
-            dependency_files: dependency_files,
-            credentials: credentials
-          ).updated_lockfile_content
-      end
-
-      def top_level_gemspecs
-        dependency_files.
-          select { |file| file.name.end_with?(".gemspec") }.
-          reject(&:support_file?)
-      end
-    end
-  end
-end
-
-Dependabot::FileUpdaters.
-  register("bundler", Dependabot::Bundler::FileUpdater)

data/lib/dependabot/bundler/file_updater/gemfile_updater.rb

@@ -1,114 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/bundler/file_updater"
-
-module Dependabot
-  module Bundler
-    class FileUpdater
-      class GemfileUpdater
-        require_relative "git_pin_replacer"
-        require_relative "git_source_remover"
-        require_relative "requirement_replacer"
-
-        def initialize(dependencies:, gemfile:)
-          @dependencies = dependencies
-          @gemfile = gemfile
-        end
-
-        def updated_gemfile_content
-          content = gemfile.content
-
-          dependencies.each do |dependency|
-            content = replace_gemfile_version_requirement(
-              dependency,
-              gemfile,
-              content
-            )
-
-            if remove_git_source?(dependency)
-              content = remove_gemfile_git_source(dependency, content)
-            end
-
-            if update_git_pin?(dependency)
-              content = update_gemfile_git_pin(dependency, gemfile, content)
-            end
-          end
-
-          content
-        end
-
-        private
-
-        attr_reader :dependencies, :gemfile
-
-        def replace_gemfile_version_requirement(dependency, file, content)
-          return content unless requirement_changed?(file, dependency)
-
-          updated_requirement =
-            dependency.requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:requirement)
-
-          previous_requirement =
-            dependency.previous_requirements.
-            find { |r| r[:file] == file.name }.
-            fetch(:requirement)
-
-          RequirementReplacer.new(
-            dependency: dependency,
-            file_type: :gemfile,
-            updated_requirement: updated_requirement,
-            previous_requirement: previous_requirement
-          ).rewrite(content)
-        end
-
-        def requirement_changed?(file, dependency)
-          changed_requirements =
-            dependency.requirements - dependency.previous_requirements
-
-          changed_requirements.any? { |f| f[:file] == file.name }
-        end
-
-        def remove_git_source?(dependency)
-          old_gemfile_req =
-            dependency.previous_requirements.
-            find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
-
-          return false unless old_gemfile_req&.dig(:source, :type) == "git"
-
-          new_gemfile_req =
-            dependency.requirements.
-            find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
-
-          new_gemfile_req[:source].nil?
-        end
-
-        def update_git_pin?(dependency)
-          new_gemfile_req =
-            dependency.requirements.
-            find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
-          return false unless new_gemfile_req&.dig(:source, :type) == "git"
-
-          # If the new requirement is a git dependency with a ref then there's
-          # no harm in doing an update
-          new_gemfile_req.dig(:source, :ref)
-        end
-
-        def remove_gemfile_git_source(dependency, content)
-          GitSourceRemover.new(dependency: dependency).rewrite(content)
-        end
-
-        def update_gemfile_git_pin(dependency, file, content)
-          new_pin =
-            dependency.requirements.
-            find { |f| f[:file] == file.name }.
-            fetch(:source).fetch(:ref)
-
-          GitPinReplacer.
-            new(dependency: dependency, new_pin: new_pin).
-            rewrite(content)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-require "parser/current"
-require "dependabot/bundler/file_updater"
-
-module Dependabot
-  module Bundler
-    class FileUpdater
-      class GemspecDependencyNameFinder
-        attr_reader :gemspec_content
-
-        def initialize(gemspec_content:)
-          @gemspec_content = gemspec_content
-        end
-
-        # rubocop:disable Security/Eval
-        def dependency_name
-          ast = Parser::CurrentRuby.parse(gemspec_content)
-          dependency_name_node = find_dependency_name_node(ast)
-          return unless dependency_name_node
-
-          begin
-            eval(dependency_name_node.children[2].loc.expression.source)
-          rescue StandardError
-            nil # If we can't evaluate the expression just return nil
-          end
-        end
-        # rubocop:enable Security/Eval
-
-        private
-
-        def find_dependency_name_node(node)
-          return unless node.is_a?(Parser::AST::Node)
-          return node if declares_dependency_name?(node)
-
-          node.children.find do |cn|
-            dependency_name_node = find_dependency_name_node(cn)
-            break dependency_name_node if dependency_name_node
-          end
-        end
-
-        def declares_dependency_name?(node)
-          return false unless node.is_a?(Parser::AST::Node)
-
-          node.children[1] == :name=
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb

@@ -1,298 +0,0 @@
-# frozen_string_literal: true
-
-require "parser/current"
-require "dependabot/bundler/file_updater"
-
-module Dependabot
-  module Bundler
-    class FileUpdater
-      class GemspecSanitizer
-        UNNECESSARY_ASSIGNMENTS = %i(
-          bindir=
-          cert_chain=
-          email=
-          executables=
-          extra_rdoc_files=
-          homepage=
-          license=
-          licenses=
-          metadata=
-          post_install_message=
-          rdoc_options=
-        ).freeze
-
-        attr_reader :replacement_version
-
-        def initialize(replacement_version:)
-          @replacement_version = replacement_version
-        end
-
-        def rewrite(content)
-          buffer = Parser::Source::Buffer.new("(gemspec_content)")
-          buffer.source = content
-          ast = Parser::CurrentRuby.new.parse(buffer)
-
-          Rewriter.
-            new(replacement_version: replacement_version).
-            rewrite(buffer, ast)
-        end
-
-        class Rewriter < Parser::TreeRewriter
-          def initialize(replacement_version:)
-            @replacement_version = replacement_version
-          end
-
-          def on_send(node)
-            # Wrap any `require` or `require_relative` calls in a rescue
-            # block, as we might not have the required files
-            wrap_require(node) if requires_file?(node)
-
-            # Remove any assignments to a VERSION constant (or similar), as
-            # that constant probably comes from a required file
-            replace_version_assignments(node)
-
-            # Replace the `s.files= ...` assignment with a blank array, as
-            # occassionally a File.open(..).readlines pattern is used
-            replace_file_assignments(node)
-
-            # Replace the `s.require_path= ...` assignment, as
-            # occassionally a Dir['lib'] pattern is used
-            replace_require_paths_assignments(node)
-
-            # Replace any `File.read(...)` calls with a dummy string
-            replace_file_reads(node)
-
-            # Remove the arguments from any `Find.find(...)` calls
-            remove_find_dot_find_args(node)
-
-            remove_unnecessary_assignments(node)
-          end
-
-          private
-
-          attr_reader :replacement_version
-
-          def requires_file?(node)
-            %i(require require_relative).include?(node.children[1])
-          end
-
-          def wrap_require(node)
-            replace(
-              node.loc.expression,
-              "begin\n"\
-              "#{node.loc.expression.source_line}\n"\
-              "rescue LoadError\n"\
-              "end"
-            )
-          end
-
-          def replace_version_assignments(node)
-            return unless node.is_a?(Parser::AST::Node)
-
-            if node_assigns_to_version_constant?(node)
-              return replace_constant(node)
-            end
-
-            node.children.each { |child| replace_version_assignments(child) }
-          end
-
-          def replace_file_assignments(node)
-            return unless node.is_a?(Parser::AST::Node)
-
-            if node_assigns_files_to_var?(node)
-              return replace_file_assignment(node)
-            end
-
-            node.children.each { |child| replace_file_assignments(child) }
-          end
-
-          def replace_require_paths_assignments(node)
-            return unless node.is_a?(Parser::AST::Node)
-
-            if node_assigns_require_paths?(node)
-              return replace_require_paths_assignment(node)
-            end
-
-            node.children.each do |child|
-              replace_require_paths_assignments(child)
-            end
-          end
-
-          def node_assigns_to_version_constant?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.children.first.is_a?(Parser::AST::Node)
-            return false unless node.children.first&.type == :lvar
-
-            return true if node.children[1] == :version=
-            return true if node_is_version_constant?(node.children.last)
-            return true if node_calls_version_constant?(node.children.last)
-
-            node_interpolates_version_constant?(node.children.last)
-          end
-
-          def node_assigns_files_to_var?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.children.first.is_a?(Parser::AST::Node)
-            return false unless node.children.first&.type == :lvar
-            return false unless node.children[1] == :files=
-
-            node.children[2]&.type == :send
-          end
-
-          def node_assigns_require_paths?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.children.first.is_a?(Parser::AST::Node)
-            return false unless node.children.first&.type == :lvar
-
-            node.children[1] == :require_paths=
-          end
-
-          def replace_file_reads(node)
-            return unless node.is_a?(Parser::AST::Node)
-            return if node.children[1] == :version=
-            return replace_file_read(node) if node_reads_a_file?(node)
-            return replace_file_readlines(node) if node_uses_readlines?(node)
-
-            node.children.each { |child| replace_file_reads(child) }
-          end
-
-          def node_reads_a_file?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.children.first.is_a?(Parser::AST::Node)
-            return false unless node.children.first&.type == :const
-            return false unless node.children.first.children.last == :File
-
-            node.children[1] == :read
-          end
-
-          def node_uses_readlines?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.children.first.is_a?(Parser::AST::Node)
-            return false unless node.children.first&.type == :const
-            return false unless node.children.first.children.last == :File
-
-            node.children[1] == :readlines
-          end
-
-          def remove_find_dot_find_args(node)
-            return unless node.is_a?(Parser::AST::Node)
-            return if node.children[1] == :version=
-            return remove_find_args(node) if node_calls_find_dot_find?(node)
-
-            node.children.each { |child| remove_find_dot_find_args(child) }
-          end
-
-          def node_calls_find_dot_find?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.children.first.is_a?(Parser::AST::Node)
-            return false unless node.children.first&.type == :const
-            return false unless node.children.first.children.last == :Find
-
-            node.children[1] == :find
-          end
-
-          def remove_unnecessary_assignments(node)
-            return unless node.is_a?(Parser::AST::Node)
-
-            if unnecessary_assignment?(node) &&
-               node.children.last&.location&.respond_to?(:heredoc_end)
-              range_to_remove = node.loc.expression.join(
-                node.children.last.location.heredoc_end
-              )
-              return replace(range_to_remove, '"sanitized"')
-            elsif unnecessary_assignment?(node)
-              return replace(node.loc.expression, '"sanitized"')
-            end
-
-            node.children.each do |child|
-              remove_unnecessary_assignments(child)
-            end
-          end
-
-          def unnecessary_assignment?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.children.first.is_a?(Parser::AST::Node)
-
-            return true if node.children.first.type == :lvar &&
-                           UNNECESSARY_ASSIGNMENTS.include?(node.children[1])
-
-            node.children[1] == :[]= && node.children.first.children.last
-          end
-
-          def node_is_version_constant?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.type == :const
-
-            node.children.last.to_s.match?(/version/i)
-          end
-
-          def node_calls_version_constant?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.type == :send
-
-            node.children.any? { |n| node_is_version_constant?(n) }
-          end
-
-          def node_interpolates_version_constant?(node)
-            return false unless node.is_a?(Parser::AST::Node)
-            return false unless node.type == :dstr
-
-            node.children.
-              select { |n| n.type == :begin }.
-              flat_map(&:children).
-              any? { |n| node_is_version_constant?(n) }
-          end
-
-          def replace_constant(node)
-            case node.children.last&.type
-            when :str, :int then nil # no-op
-            when :const, :send, :lvar
-              replace(
-                node.children.last.loc.expression,
-                %("#{replacement_version}")
-              )
-            when :dstr
-              node.children.last.children.
-                select { |n| n.type == :begin }.
-                flat_map(&:children).
-                select { |n| node_is_version_constant?(n) }.
-                each do |n|
-                  replace(
-                    n.loc.expression,
-                    %("#{replacement_version}")
-                  )
-                end
-            else
-              raise "Unexpected node type #{node.children.last&.type}"
-            end
-          end
-
-          def replace_file_assignment(node)
-            replace(node.children.last.loc.expression, "[]")
-          end
-
-          def replace_require_paths_assignment(node)
-            replace(node.children.last.loc.expression, "['lib']")
-          end
-
-          def replace_file_read(node)
-            replace(node.loc.expression, '"text"')
-          end
-
-          def replace_file_readlines(node)
-            replace(node.loc.expression, '["text"]')
-          end
-
-          def remove_find_args(node)
-            last_arg = node.children.last
-
-            range_to_remove =
-              last_arg.loc.expression.join(node.children[2].loc.begin.begin)
-
-            remove(range_to_remove)
-          end
-        end
-      end
-    end
-  end
-end